Abstract
Smart devices are equipped with multiple authentication techniques and still remain prone to
attacks since all of these techniques require explicit user intervention. The purpose of this paper
is to capture the user behavior in order to use it as an implicit authentication technique.
1. INTRODUCTION
The technological advances in all domains are making the use of smart devices in everyday life
more imposing. These range from smart phones to laptops, tablets and even i-watches. This field
is in continuous development and every newly released generation is opening new possibilities to
the engagement with the user's context and increasing security threats. The European Union
Agency for Network and Information Security [1] listed in a survey the top ten security information
risks for smart phone users. The number one was data leakage resulting from device loss or
theft. This result was also featured by the US-CERT (United States Computer Emergency
Readiness Team), which also mentioned that the number of new vulnerabilities has jumped 42%
from 2009 to 2010.
In order to fight that, smart devices are usually equipped with three authentication factors:
something you know, something you have, and something you are. Something you know is the
main security recommendation for any user, namely to set up the phone with a PIN or a strong
password. But even that level of security can be bypassed if an attacker has enough time and
access to the device. From the user's perspective, that type of authentication has very low
usability, so a user might choose to store the password on the device for easier access,
thereby compromising its security. Something you have means proving possession of something
external to the system. Common choices for proving possession are hardware tokens that
generate one-time passwords and access to an e-mail address; the mobile device itself can also be
registered with an application, after which possession of the device can be used as a something
you have authentication factor. Choices for something you know that require a user to carry an
additional device are less convenient for the user. One of the reasons for the popularity of mobile
devices is their convenience. The something you are factor uses biometrics to authenticate users.
Biometric based techniques are multiple such as keystroke analysis that was discussed in a
research published in the International Journal of Information Security in 2007[2]. This paper
identified two typical handset interactions, entering telephone numbers and typing text messages.
It was found that neural network classifiers were able to perform classification with average equal
International Journal of Computer Science and Security (IJCSS), Volume (10) : Issue (4) : 2016 120
Hassan Sbeyti
error rates of 12.8%. Based on these results, the paper concludes proposing a flexible and robust
framework to permit the continuous and transparent authentication of the user, thereby
maximizing security and minimizing user inconvenience, to serve the needs of the insecure and
functional mobile handset. Also, in 2009, a paper was published discussing a different form of
keystroke dynamics that adds finger pressure [3]. Its findings showed that finger pressure
gives more discriminative information than keystroke dynamics with the k-NN analytical
method. Moreover, using only the finger pressure produces a high accuracy rate of 99%.
Combining multiple biometrics may enhance the performance of the personal authentication
system in accuracy and reliability. In Combining fingerprint and voice print biometrics for identity
verification: an experimental comparison [4], 13 combination methods were compared in the
context of combining the voice print and fingerprint recognition system in two different modes:
verification and identification. The experimental results show that Support Vector Machine and
the Dempster-Shafer methods are superior to other schemes.
These authentication methods have proven their weakness in terms of usability and also
efficiency. These methods are represented in the phones in the form of different screen lock
mechanisms. From these mechanisms, we can name a few, such as:
o A simple swipe, which does not provide security at all and is simply used as a screen
saver.
o Face unlock, where the user provides a shot of his face that is then recognized by the
device and used to unlock it. This method has proven its weakness and its incapability of
recognizing the user if the surrounding conditions, mainly of light, do not match the ones
on the day he saved the settings.
o Face unlock and voice, which combines facial with voice recognition. If the user is
found in a place where he cannot raise his voice to the same pitch as the one used when
he set up this security, then the authentication will fail.
o Pattern, which is the most common form of authentication and yet still weak, since an
adversary can guess the pattern of the user by simply checking the screen of the phone
at an appropriate angle to see traces of the finger.
o PIN and password, which are considered medium to high security: a combination of
numbers or characters chosen by the user and required to be entered at every attempt to
unlock the screen, which can become quite annoying.
The above mentioned methods are becoming more and more annoying for the user since he has
to repeat the same action multiple times a day often over 100 times. These types of
authentication are user dependent and require his immediate intervention and input in order to
proceed. And by that, any explicit action can be memorized by an adversary and used to unlock
the device without the owner's consent. Also, once the device is unlocked, the security feature is
deactivated even if it was not with its rightful owner.
Therefore, an additional layer of security is required, one that does not require direct user
intervention, but works implicitly and continuously to decide whether the user is indeed the
authorized one. The proposed system aims at reducing the number of explicit authentication. Its
purpose is not to replace the common authentication methods, but rather to complement them.
That is, the user can still use his chosen authentication method, but once the phone is unlocked,
the implicit authentication takes charge to determine if the user is indeed the owner or an
attacker.
In order to be able to decide that, the device has to gather user centric data that will uniquely
characterize the owner. An example of such data is gestural input. In the paper Biometric-rich
gestures: a novel approach to authentication on multi-touch devices [5], a comprehensive set
of five-finger touch gestures was defined, based upon classifying movement characteristics of the
center of the palm and fingertips, and tested in a user study combining biometric data collection
with usability questions. Using pattern recognition techniques, a classifier was built to recognize
unique biometric gesture characteristics of an individual. 90% accuracy rate was achieved with
single gestures, and significant improvement was noticed when multiple gestures were performed
in sequence. User ratings aligned well with gestural security, in contrast to typical text-based
passwords.
Another implicit authentication technique discussed in "Implicit user re authentication for mobile
devices" [6] included the observation of user-specific patterns in file system activity and network
access to build models of normal behavior. The proposed system was able to distinguish
between normal use and attack with an accuracy of approximately 90% every 5 minutes and
consumed less than 12% of a typical laptop battery in 24 hours.
The main focus of our study is to extract the behavior to transform it into a biometric signature
that can be used to authenticate the user. We will attempt to discover whether it is possible to
extract unique user signature from the behavioral pattern to be used as an implicit authentication
mechanism. What kind of user centric information (and in what frequency) should be collected in
order to detect the user behavioral pattern? How to transform the detected pattern into a unique
signature? What correlation methodology should be used to verify the extracted signature?
In this work, we lay foundational work for implicit authentication through the capture of a user's
unique behavioral pattern. The proposed system aims at reducing the number of explicit
authentication. Its purpose is not to replace the common authentication methods, but rather to
complement them. That is, the user can still use his chosen authentication method, but once the
phone is unlocked, the implicit authentication takes charge to determine if the user is indeed the
owner or an attacker. To achieve this, we introduce a technique by which we capture the
signature of the application usage of a user. First, we collect application related data and in
particular the duration of use. Next, we use a mathematical algorithm that will convert that data
into a function particular to this user. This function will be used at run-time to determine if the user
is indeed the rightful owner or an attacker. Our findings support that this is an approach with great
potential. Thus, the main contribution of this work is a framework that helps us understand the
user behavior and transform it into a unique signature that can be used to authenticate the user.
The study provides an insight into quantifying user behavior and using it as a comparison
standard. The remaining parts of this report are organized as follows: Chapter II introduces the
related work. Chapter III presents in detail the different components of MOUBE (Mobile user
authentication based on user behavioral pattern), the behavioral pattern extraction and the
mathematical model (cubic spline interpolation). Chapter IV presents the experimental results that
evaluate the proposed model. Finally, Chapter V gives an overview of future work.
2. RELATED WORK
Implicit authentication is a very broad topic and has been discussed by multiple papers. We will
first look into phone recognition; next we will go through some research concerning user
recognition. This research is divided between looking into the behavioral pattern of the
user, keystroke analysis, and gait recognition. This work is an extension of the work
started by B. Elhajj and H. Sbeyti [7][8] (MUSEP), which is based on the same method to generate the
user behavior, but the MOUBE system differs from the previous work in the following features:
1. MOUBE is implemented on an Android platform; hence it is tested in real conditions, whereas
MUSEP uses simulation.
2. MOUBE uses two learning phases to generate a dynamic threshold for every hour for
each user, while MUSEP uses a static threshold for all users.
3. Within MOUBE, the decision whether the user is genuine or an intruder is based on five
previous threshold comparisons; in MUSEP one comparison leads to the final decision.
4. To evaluate the MOUBE system accurately, the number of users tested is three times
more than the number used in MUSEP.
you sync you are? Smartphone Fingerprinting via Application Behavior" [9] tackles that subject in
particular. The research looks into the timing and data volume of network traffic generated by a
device. They relied on traffic generated by applications such as Facebook, WhatsApp, Skype,
Dropbox, and others. For each packet generated by these applications, they recorded the arrival
time, the size of the packet, and the direction, whether it is an incoming or outgoing packet. Also,
they analyzed the burst which represents the peak of data transfers from the same type of
connection, for example TCP packets. By using the K-NN classifier, they extracted what they
called "fingerprint" of the phone. Following multiple experiments, they concluded that in about 15
minutes, the phone can be recognized with more than a 90% accuracy rate.
online. The architecture of the implicit authentication model will be as follows: past behavior will
be the key for the learning algorithm, then based on the user model, and recent user behavior, a
scoring algorithm will compute a final score based on which it will be decided whether the user is
the original device owner. User modeling assumed in this paper is using independent features,
where for example, a user's location is independent from its phone call log and any other activity.
The data collected to perform this experiment consisted of emails, calls, SMSs, location, contacts,
calendar, tasks, memos, alerts, battery level, (un)holstering, USB connections, power on/off, SD
card removal/insertions. This data was from a blackberry device, over the period of 3 months. In
order to simplify the research, the analysis was done on phone data and location data. Phone
data in particular was analyzed based on the lapse of time since previous call, as for location
data, they used the interactive clustering algorithm to compute clusters of the most frequently
visited locations. The scoring algorithm was applied to this collected data, and it was noticed that the
score decreases to zero during the periods known as active that, during that specific day, were
not. Another experiment was conducted where an adversary calls a set of unknown numbers
from the user's device, and the score also quickly decreased to zero. As future work, they will
attempt to make use of all features for the scoring, and report results on false positive and false
negative rates, research methods to model the dependence between different features (i.e.,
activities) and research methods to model adversarial behavior.
SenSec [12] is an application prototype that constantly collects sensory data from
accelerometers, gyroscopes and magnetometers and constructs the gesture model of how a user
uses the device. SenSec calculates the sureness that the mobile device is being used by its
owner. Based on the sureness score, mobile devices can dynamically request the user to provide
active authentication (such as a strong password), or disable certain features of the mobile
devices to protect the user's privacy and information security. The experiment started with offline user
classification by asking a set of 20 random volunteers to repeat 5 to 10 times a certain set of
actions: pick up the phone, unlock it, open the email application, lock the phone and return it to
the table. The online user authentication consisted of giving a phone to users for 24 hours with
the SenSec application running on these phones. A sureness score is calculated. If it falls below
a preset threshold while a certain operation is performed, an authentication screen will pop up
asking the user to enter a passcode. Next, these same phones are given to other participants as a
negative testing stage. As a result, user studies show that SenSec can achieve 75% accuracy in
identifying the users and 71.3% accuracy in detecting the non-owners with only 13.1% false
alarms. Also, SenSec bears an average 4.96 seconds detection delay.
pattern that was assigned randomly. For instance, out of the 26 participants, for whom valid
attacks existed, six reached an accuracy of 90% or higher. This second approach increased the
overall accuracy by more than 20%. Overall, it can be stated that using touch screen data to
identify users works to a certain degree. This is supported by the fact that increasing the
threshold for valid authentication attempts improves overall accuracy. As future work, they
attempt to improve accuracy of the results, also they will be implementing a prototype based on
the presented approach that does the calculation on the mobile device to perform another long-
term study based on this application.
Bo, Zhang et al. feature in their study a framework entitled SilentSense [14]. It consists of
tracking the touch actions of the user and combining them with movement-based biometrics in
order to verify whether the current user is the owner or guest/attacker. This approach showed that
the user can be identified with an accuracy over 99%. For one operation on the device, the
framework could capture multiple information, including: the coordinate on the screen of both
touch down and release; the duration of one interaction; the sensory data from both
accelerometer and gyroscope, the pressure for the finger touching on the screen, and the motion
condition of the user. This detection combination was tested in a static and dynamic scenario. In
the first, they evaluated the performance through three different applications, including Message,
Album, and Twitter. It was noticed that the framework could reach over 80% accuracy within ten
event observations, and the owner will be judged within 6 observations. As for the dynamic
scenario, the framework collected their processed vertical and horizontal accelerations in the
earth coordinate system and combined them with touch event features. After 12 steps, the
accuracy to identify a guest can achieve 100% and after 7 steps, the accuracy to identify the
owner can achieve 100%.
Dividing that kind of data by application seemed to improve accuracy of the results. Looking at
the application alone, it contains user centric data more than the phone itself. The application
"knows best on when to authenticate and how to authenticate" [15]. In this research, the
application developer decides a suitable classifier depending on the type of application. For
example, for a browser, a classifier based on touch input behavior would provide more accuracy
than one with keystrokes data. This application centric approach achieved over 85% accuracy
rate after 50 training samples.
Classifying movement characteristics of the center of the palm and the fingertips was considered
among the promising authentication techniques [16]. The five-finger touch gestures achieved a
90% accuracy rate in recognizing an owner based on pattern recognition techniques.
Frank, Biedert et al. propose a framework, Touchalytics [17], that relies on touchscreen input as
data source. They discussed in their paper the ability to continuously authenticate users based on
the way they interact with the touchscreen of a smart phone. That interaction is typically the way
the user scrolls text on his phone. It includes sliding horizontally over the screen and sliding
vertically over the screen to move screen content up or down. This behavior covers browsing
through images or navigating to next screens, or reading emails or documents or browsing
menus. Every user interacts differently with his phone in this context and can by that be
authenticated according to this particular feature. In order to be able to distinguish between
different users, the paper suggests the usage of two different classifiers k-nearest-neighbors
(kNN) and a support vector machine with an rbf-kernel (SVM). The kNN classifier takes every
new observation (here: a stroke) and locates it in feature space with respect to all training
observations. The classifier identifies the k training observations that are closest to the new
observation. Then, it selects the label that the majority of the k closest training observations have.
SVM generalizes from the observed data, i.e., it forgets the individual observations after training
and only saves the decision. Experiments were conducted where a set of users are given a text
to read on their phones and their stroke pattern was recorded. Overall, the authentication difficulty
seems to increase with increasing temporal distance to the training phase. The individuals in the
experiment complained about having to read a long text and gave up halfway. Interestingly,
the long-term authentication of the scrolling classifiers is an exception as its median error rate is
lower than for the inter-session authentication. Thereby, depending on the authentication
scenario, there is approximately a 0% to 4% chance that the correct user will be rejected or that a
false user will be accepted. For some scenarios, this error rate is still too high for the system
being directly implemented as is. However, this result demonstrates that touch-based continuous
authentication is feasible.
Itus [18] is an open-source framework that can be deployed off-the-shelf and that combines
SilentSense and Touchalytics. It provides an application easy to adapt, extensible and with low
performance overhead.
3. MOUBE
The MOUBE system is composed of two components, as depicted in figure 1, namely the learning
component and the authentication component. The learning component is composed of two
parts: the first part (called learning phase one) is responsible for capturing the user behavior (it
runs over one month) and the second part (it runs over 15 days and is called learning phase
two) aims at calculating the user threshold. The authentication component runs in the background
indefinitely, immediately after executing phases 1 and 2 of the learning component. It acts as an implicit
authentication system and is activated only when the user finishes using any application.
[Figure 1: MOUBE components. Learning component: phase 1 (capturing user behavior) and phase 2 (calculating threshold). Authentication component: run time phase (implicit authentication).]
User behavior is defined as all kinds of user interaction with his/her phone. That includes, but is not limited to,
the applications he/she uses, the time he/she uses them, the duration of use, and the order of
use.
In this research, we focus our study on analyzing the duration of use of each application. As an
example, figure 2 shows the duration of use of the WhatsApp application plotted against the start
time of each usage of that application during 5 full weekdays for two users. The data is taken raw
and not manipulated in any form. In our study, we assume that each user presents a unique
behavior in the duration of use of each application for the same time frame. We will attempt to
prove this hypothesis using real collected data and with the support of a mathematical model.
Next, the duration is filtered to values between 5 and 180 seconds in order to remove the
readings that were not meaningful in our approach; this is depicted in figure 5.
The data is now ready for modelling. As an example, we will take the hour 18:00 (this is depicted
in figure 6). The collected data set now consists of the converted start time in seconds and the
duration of use in seconds. The columns start time, application name and end time are no longer
needed. That data set is ordered by ascending converted start time (first column).
The "sec converted" column can be considered as the abscissa, and the "Duration" column as its ordinate.
Data smoothing
To model this data set and avoid fluctuation and negative values in the interpolation, data is
sampled at a rate of 8.33 x 10^-3 Hz, that is, a reading every 2 minutes. Since the user does not
necessarily use any application at that particular rate, the data is distributed to 31 points by
assigning it to the higher start time. The example is shown in figure 7 and in figure 8. The first
point is (0, 0). The 2nd start time, 64, is less than 120; therefore, the duration 48 is assigned to
120. As for the start times 275, 287 and 340, they all fall below 360, so an average of their durations is
taken and assigned to 360. As a result:
Sometimes, the data acquired does not fill the 31 points
that represent an hour. As a solution, midpoints are used to bridge gaps. Using this method, the
same sample data used earlier is filtered, and the result is a curve showing one application
(WhatsApp), one user, and one hour over 5 consecutive weekdays (figure 10). We can notice that
this time, the data is less and can be modelled. We will be looking next at a way to quantify that
behavior using a mathematical function.
Given the low accuracy rate with a regular polynomial, we needed a function that would reflect
the actual user behavior without compromising its integrity. Using the cubic spline [21][22][23]
polynomial leads us to our exact goal by modelling the dataset without an error threshold. The
reason for that is that this function is based on individual cubic polynomials that link each 2 points
in order to create a smooth curve that passes through all the points. In the plot in figure 11, we
can see the same set of points modelled using the cubic spline function.
FIGURE 12: Data for four users interpolated using cubic spline polynomial.
This function will be later used to authenticate the user from the duration of use of an application
and from the pattern of use that the function has learned throughout this learning phase. At run
time, the phone can send to the function the start time of an application and it will return the
expected duration of use. Comparing the obtained value with the original run-time value can
provide information about the authenticity of the user.
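The smoothing and interpolation steps described above, as an added example that is not code from the paper: readings are filtered to 5 to 180 seconds, assigned to the next 2-minute grid time and averaged, gaps are bridged, and a cubic spline is fitted through the 31 points. The durations for start times 275, 287 and 340, the other sample readings, the function names, the linear gap fill, holding the last value to the end of the hour, the natural boundary condition and the clamp at zero are assumptions of this example.

```python
import math
from bisect import bisect_right

STEP, POINTS = 120, 31        # one grid point every 2 minutes: 0..3600 s
MIN_DUR, MAX_DUR = 5, 180     # duration filter given in the text

# Constructed readings (start second within the hour, duration in seconds).
# Start times 64/275/287/340 and the duration 48 follow the text's example;
# every other value is made up for illustration.
SAMPLES = [(64, 48), (275, 30), (287, 60), (340, 90),
           (1000, 400), (1500, 20), (2000, 3)]


def smooth_hour(samples):
    """Return the 31 (x, y) grid points for one application and one hour."""
    bins = {}
    for start, dur in samples:
        if not MIN_DUR <= dur <= MAX_DUR:
            continue                                   # reading not meaningful
        slot = max(STEP, math.ceil(start / STEP) * STEP)   # higher grid time
        bins.setdefault(slot, []).append(dur)
    grid = {0: 0.0}                                    # first point is (0, 0)
    for slot, durs in bins.items():
        grid[slot] = sum(durs) / len(durs)             # average shared slots
    known = sorted(grid)
    points = []
    for x in range(0, STEP * POINTS, STEP):
        if x in grid:
            y = grid[x]
        else:
            k = bisect_right(known, x)
            if k == len(known):                        # assumption: hold last value
                y = grid[known[-1]]
            else:                                      # assumption: linear gap fill
                x0, x1 = known[k - 1], known[k]
                y = grid[x0] + (x - x0) / (x1 - x0) * (grid[x1] - grid[x0])
        points.append((x, y))
    return points


def natural_cubic_spline(xs, ys):
    """Fit one cubic per interval so the curve passes through every point."""
    n = len(xs) - 1
    h = [xs[i + 1] - xs[i] for i in range(n)]
    mu, z = [0.0] * (n + 1), [0.0] * (n + 1)
    for i in range(1, n):                              # tridiagonal forward sweep
        alpha = 3 * ((ys[i + 1] - ys[i]) / h[i] - (ys[i] - ys[i - 1]) / h[i - 1])
        l = 2 * (xs[i + 1] - xs[i - 1]) - h[i - 1] * mu[i - 1]
        mu[i] = h[i] / l
        z[i] = (alpha - h[i - 1] * z[i - 1]) / l
    b, c, d = [0.0] * n, [0.0] * (n + 1), [0.0] * n
    for j in range(n - 1, -1, -1):                     # back substitution
        c[j] = z[j] - mu[j] * c[j + 1]
        b[j] = (ys[j + 1] - ys[j]) / h[j] - h[j] * (c[j + 1] + 2 * c[j]) / 3
        d[j] = (c[j + 1] - c[j]) / (3 * h[j])

    def evaluate(x):
        j = min(max(bisect_right(xs, x) - 1, 0), n - 1)
        t = x - xs[j]
        return ys[j] + t * (b[j] + t * (c[j] + t * d[j]))
    return evaluate


def build_model(samples):
    """Return f(start second) -> expected duration of use, in seconds."""
    xs, ys = zip(*smooth_hour(samples))
    spline = natural_cubic_spline(list(xs), list(ys))
    return lambda x: max(0.0, spline(x))               # added guard: never negative


if __name__ == "__main__":
    model = build_model(SAMPLES)
    for start in (120, 300, 1560):
        print(start, round(model(start), 1))
```

At run time the absolute difference between the observed duration and `model(start)` is the quantity compared against the hourly threshold.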
Real       Calculated   Difference   Hour   Minute   Abscissa   Threshold
Duration   Duration     |Y-Y'|                       X          (average)
Y          Y'
30         34           3            6      1        60
53         7            45           6      4        240
8          0            8            6      5        300
21         16           5            6      6        360
85         77           8            6      7        420
12         51           38           6      8        480
8          0            8            6      19       1140
14         7            7            6      20       1200
93         0            93           6      31       1860
19         0            19           6      34       2040
62         0            62           6      34       2040
6          0            6            6      35       2100
23         13           10           6      47       2820
23         6            17           6      52       3120
5          2            2            6      53       3180
69         126          57           6      54       3240
23         0            23           7      8        480        24
119        31           88           7      11       660
65         80           14           7      31       1860
51         0            51           7      35       2100
69         15           54           7      36       2160
93         14           79           7      37       2220
15         17           2            7      39       2340
13         70           57           8      1        60         44
25         30           5            8      6        360
Real       Calculated   Difference   Hour   Minute   Abscissa   Hour        Below       Authentication if
Duration   Duration     |y-y'|                       X          Threshold   Threshold   less or equal to two
y          y'
5          0            5            5      29       1740       0           1
43         43           0            6      1        60         24          0
19         16           3            6      3        180        24          0
26         104          78           6      9        540        24          1
35         18           17           6      9        540        24          0           2
14         47           32           6      18       1080       24          1           2
67         28           39           6      18       1080       24          1           3
11         124          112          6      38       2280       24          1           4
FIGURE 15: Owner Authentication.
[Flowchart of the run-time authentication algorithm: New (x, y)? If yes, get y' using the cubic spline with x as input. Calculate |y-y'|. Is |y-y'| < threshold? Result = 1 or Result = 0. Is the sum of the last five results < 3? If yes: authenticated, owner. Otherwise: not authenticated, adversary.]
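The threshold and decision steps shown in the tables and flowchart above, as an added example rather than the paper's own code: the threshold for each hour is the average |y-y'| from learning phase two, each run-time reading scores 0 when its difference is below the threshold and 1 otherwise, and the owner is accepted while the last five scores sum to two or less. The class and function names, truncating the average to a whole number, and using threshold 0 for an hour without learning data are assumptions; the input values are copied from the two tables on this page.

```python
from collections import defaultdict, deque

# (hour, |y - y'|) values copied from the page's threshold table, hours 6 and 7.
LEARNING_DIFFS = (
    [(6, d) for d in (3, 45, 8, 5, 8, 38, 8, 7, 93, 19, 62, 6, 10, 17, 2, 57)]
    + [(7, d) for d in (23, 88, 14, 51, 54, 79, 2)]
)

# (hour, |y - y'|) rows copied from the page's Figure 15 table.
FIGURE_15 = [(5, 5), (6, 0), (6, 3), (6, 78), (6, 17), (6, 32), (6, 39), (6, 112)]


def hourly_thresholds(rows):
    """Learning phase two: one threshold per hour, the mean absolute difference."""
    by_hour = defaultdict(list)
    for hour, diff in rows:
        by_hour[hour].append(diff)
    # Assumption: the page prints whole numbers, so the mean is truncated.
    return {hour: int(sum(v) / len(v)) for hour, v in by_hour.items()}


class ImplicitAuthenticator:
    """Run-time phase: score each reading, decide on the last five scores."""

    def __init__(self, thresholds, window=5, max_flags=2):
        self.thresholds = thresholds
        self.results = deque(maxlen=window)   # oldest score drops out automatically
        self.max_flags = max_flags

    def observe(self, hour, diff):
        """diff is |observed duration - spline prediction| for one app usage.

        Returns None until five scores exist, then True (owner) or
        False (adversary).
        """
        # Assumption: an hour with no learned threshold uses 0, so any
        # non-matching usage in that hour is scored 1.
        threshold = self.thresholds.get(hour, 0)
        self.results.append(0 if diff < threshold else 1)
        if len(self.results) < self.results.maxlen:
            return None
        return sum(self.results) <= self.max_flags


def replay(thresholds, rows):
    """Feed run-time rows through a fresh authenticator, collect decisions."""
    auth = ImplicitAuthenticator(thresholds)
    return [auth.observe(hour, diff) for hour, diff in rows]


if __name__ == "__main__":
    learned = hourly_thresholds(LEARNING_DIFFS)
    print(learned)
    print(replay(learned, FIGURE_15))
```

Replaying the Figure 15 rows gives window sums of 2, 2, 3 and 4 from the fifth reading on, so the last two readings are rejected.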
4. EXPERIMENTAL RESULTS
MOUBE has been implemented within the SCAMMP middleware [24][25] on the Android
platform. The main goal of SCAMMP is to provide a middleware framework that offers high-level
context-aware information through a simple API to the application layer. To implement MOUBE
on SCAMMP, only one agent is needed. This agent encapsulates a software sensor namely, the
user behavioral sensor. It is defined as a kind of user interaction with his/her phone. The agent
records the start time and the duration in seconds.
MOUBE has been evaluated under real-time conditions, where the application was
installed on the users' mobile phones for a period of two months.
In order to conduct this experiment, we restrict our study to smart phones with android platform.
The study consists of collecting user centric data to capture the user behavior. That data is
collected from 30 users over a sequence of 60 days. The learning phases run over forty-five (45)
days and the authentication period was limited to fifteen (15) days. The users were asked to run
the application on their phone and not to stop it till the end of the experiment. No special
behavioral requirement was asked of them.
After finishing the learning phases, the authentication phase was started to evaluate the MOUBE
algorithm.
Sixteen (16) users were allowed to run the authentication phase using their cubic spline function
and thresholds (that were calculated during learning phases 1 and 2), and it is expected to
positively authenticate the user as device owner. We expect to collect the following values:
o True positive: The user is indeed the owner and
o False negative: The user is the owner of the device but the result suggests he is
an adversary.
Second, as for the remaining fourteen (14) users, we switched their cubic spline function and
thresholds. The group of these users should not be authenticated by the MOUBE system
because they are adversary.
The results of the above experiment are depicted in figure 17 below. We can notice that we were
able to achieve a positive identification of the owner of 76%, and of the intruder of 64%, on average.
These results are not as high for intruder detection, and this is because of the high values of the
thresholds for some hours. But considering that this research work traces only one user behavior,
it is an important achievement. Combining other user behaviors together will for sure provide
better identification rates. MOUBE provides a real time decision immediately after the user
finishes using his/her mobile application, while other related works cannot produce an immediate
decision. Even if the identification rate is comparable to some related work, MOUBE opens a
new category of real time implicit authentication.
Average
True positive 76%
False negative 24%
True negative 64%
False negative 36%
FIGURE 17: Results Average.
5. SYSTEM COMPARISON
Providing a real-time implicit user authentication system is not a trivial task; in fact, it is a trade-off
between accuracy and detection latency. Many implicit user authentication techniques based on
behavioral user pattern have been proposed. However, all of them have limitations. Figure 18
depicts the accuracy in detecting the owner, the detection latency, and the limitations of three different
systems. All three systems have comparable accuracy; we do believe that the accuracy can be
further improved by all systems and this is stated in their future works, but the most important
thing is the functionality of the system itself. One expects from implicit authentication that it acts in
the background, is accurate and has real time response. Only the MOUBE system provides
a real time system that acts in the background without user intervention; this is depicted in its
architecture and in the flowchart of the algorithm. We believe that this is what distinguishes
MOUBE from the other systems, but the accuracy of detection needs further enhancement.
Concerning the limitations of MOUBE, we are further working on making the application available
to a wide range of users, in order to test the scalability of system accuracy.
[12]: accelerometers, gyroscopes and magnetometers; 75%; latency in few seconds; the experiment was done offline
Ours (MOUBE): application usage; 75%; real time response; number of users tested was 30 users only
FIGURE 18: Characteristics of Different Implicit User authentication Schemes.
The user behavior can be further expanded to cover things other than the application usage.
Everything that is affected by the user can be regarded as user behavior; for instance, the speed
of battery drain, the CPU percentage usage, and the data stream over the Wi-Fi and the mobile data
network.
In this research we have considered every application to model a single user behavior. What still
can be explored is putting all collected user behaviors in a single matrix. Further, the matrix
eigenvalues can be used as a unique signature. One can also use Fourier transformation [26][27]
to model the user behavior over a long period. In this work, we identify and model the user
behavior to be used as implicit authentication; nevertheless, we do believe that there is still a lot
to explore in this field.
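One way the Fourier idea above could look in practice, as an added sketch that is not part of the paper or of MOUBE: a week of hourly usage of one application is reduced to its mean and first three daily harmonics, and a later week is compared against the enrolled one. The function names, the 0.5 threshold and the sample usage data are assumptions made for this illustration.

```python
import cmath
import math

HOURS = 24

def dft_bin(series, k):
    """k-th DFT coefficient of `series`, scaled by 1/N."""
    n = len(series)
    return sum(x * cmath.exp(-2j * math.pi * k * t / n)
               for t, x in enumerate(series)) / n

def signature(hourly_minutes, harmonics=3):
    """Unit-norm vector of the mean and the first daily harmonics.

    In a series of D whole days, bin D*h is the h-th harmonic of the
    24-hour cycle. Complex values are kept so the phase (time of day)
    is part of the signature, not only the shape of the sessions.
    """
    days, rest = divmod(len(hourly_minutes), HOURS)
    if days == 0 or rest:
        raise ValueError("need a whole number of days of hourly samples")
    coeffs = [dft_bin(hourly_minutes, days * h) for h in range(harmonics + 1)]
    norm = math.sqrt(sum(abs(c) ** 2 for c in coeffs))
    if norm == 0:
        raise ValueError("no usage recorded in this window")
    return [c / norm for c in coeffs]

def distance(sig_a, sig_b):
    return math.sqrt(sum(abs(a - b) ** 2 for a, b in zip(sig_a, sig_b)))

def is_owner(enrolled_sig, observed_minutes, threshold=0.5):
    # The threshold is an assumed value; it would be tuned on real traces.
    return distance(enrolled_sig, signature(observed_minutes)) < threshold

# Constructed sample data: minutes of use of one application per hour of day.
OWNER_DAY = [0] * 7 + [10, 25, 5] + [0] * 8 + [15, 30, 30, 10] + [0] * 2
OTHER_DAY = [20, 30, 25, 10] + [0] * 8 + [10, 10] + [0] * 10

def later(day, hours):
    """Same daily profile with every session starting `hours` later."""
    return day[-hours:] + day[:-hours]

ENROLL_WEEK = OWNER_DAY * 7
# The same owner in a later week: weekend sessions start one hour later.
OWNER_LATER = OWNER_DAY * 5 + later(OWNER_DAY, 1) * 2
OTHER_WEEK = OTHER_DAY * 7
ENROLLED = signature(ENROLL_WEEK)
```

Because the signature is normalised, it captures when the application is used rather than how much: a week with proportionally heavier use at the same hours maps to the same signature.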
7. REFERENCES
[1] Enisa.europa.eu. Top Ten Smartphone Risks ENISA. Internet:
https://www.enisa.europa.eu/activities/Resilience-andCIIP/critical-applications/smartphone-security-1/top-ten-risks,
Oct. 25, 2000 [Nov. 24, 2015].
[2] Clarke. Furnell. Authenticating mobile phone users using keystroke analysis. International
Journal of Information Security, vol. 6.1, pp. 1-14, 2007.
[3] Saevanee, H., and P. Bhattarakosol. Authenticating user using keystroke dynamics and
finger pressure, in Proc. CCNC Consumer Communications and Networking Conference,
2009.
[4] Wang, Yuan, Yunhong Wang, and Tieniu Tan. Combining fingerprint and voiceprint
biometrics for identity verification: an experimental comparison in Book Biometric
Authentication, Ed. Berlin Heidelberg: Springer, 2004, 663-670.
[5] D.B. Sae-Bae, Napa, et al. Biometric-rich gestures: a novel approach to authentication on
multi-touch devices, in Proc. SIGCHI Conference on Human Factors in Computing Systems
ACM, 2012, pp.
[6] Yazji, Sausan. Implicit user re-authentication for mobile devices, in Ubiquitous Intelligence
and Computing, Berlin Heidelberg: Springer, 2009, pp. 325-339.
[7] B. El-Hage. Mobile user signature extraction based on user behavioral pattern. MSC
thesis, Arab Open University - Faculty of Computer Studies, Lebanon, 2015.
[8] H. Sbeyti, B. ElHajj, A. Fadlallah. Mobile user signature extraction based on user behavioral
pattern (MUSEP). International Journal of Pervasive Computing and Communications, Vol.
12, No. 4, October 2016.
[9] Stober, Tim, et al. Who do you sync you are?: smartphone fingerprinting via application
behavior, in Proc. of the sixth ACM conference on Security and privacy in wireless and
mobile networks. ACM, 2013.
[10] Fischer, Ian Timothy, et al. Short paper: Smartphones: Not smart enough?, in Proc. of the
second ACM workshop on Security and privacy in smartphones and mobile devices. ACM,
2012.
[11] Jakobsson, Shi, et al. Implicit authentication for mobile devices, in Proc. of the 4th USENIX
conference on Hot topics in . USENIX Association, 2009.
[12] Zhu, Jiang, et al. Mobile security through passive sensing, in Proc. of the Computing,
Networking and Communications (ICNC). IEEE, 2013.
[13] De Luca, Alexander, et al. Touch me once and i know it's you!: implicit authentication based
on touch screen patterns, in Proc. of the SIGCHI Conference on Human Factors in
Computing Systems. ACM, 2012.
[14] Bo, Cheng, et al. SilentSense: silent user identification via touch and movement behavioral
biometrics, in Proc. of the 19th annual international conference on Mobile computing and
networking. ACM, 2013.
[15] Khan, Hassan, and Urs Hengartner. Towards application-centric implicit authentication on
smartphones, in Proc. of the 15th Workshop on Mobile Computing Systems and
Applications. ACM, 2014.
[16] Sae-Bae, Napa, et al. Biometric-rich gestures: a novel approach to authentication on multi-
touch devices, in Proc. of the SIGCHI Conference on Human Factors in Computing
Systems. ACM, 2012.
[17] M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song. Touchalytics: On the applicability of
touchscreen input as a behavioral biometric for continuous authentication. IEEE
Transactions on Information Forensics and Security, vol. 8(1), pp. 136-148, Jan. 2013.
[18] Khan, Hassan, Aaron Atwater, and Urs Hengartner. Itus: an implicit authentication
framework for android, in Proc. of the 20th annual international conference on Mobile
computing and networking. ACM, 2014.
[19] Gafurov, Davrondzhon, Kirsi Helkala, and Torkjel Søndrol. Biometric gait authentication
using accelerometer sensor. Journal of computers, vol. 1.7, pp. 51-59, 2006.
[20] M, Jani, et al. Identifying users of portable devices from gait pattern with accelerometers, in
Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing. IEEE,
2005.
[21] Monotonic cubic spline interpolation. In Computer Graphics International, 1999. Proceedings
(pp. 188-195). IEEE.
[22] McKinley, S. and Levine, M., (1998) Cubic Spline Interpolation. College of the Redwoods.
[25] H. Sbeyti et al. Standardized Scalable Relocatable Context-Aware Middleware for Mobile
Applications. Internet: www.scammp-project.info 2014 [June. 28, 2016].
[26] Osgood, B., (2013). Lecture notes for EE 261: the Fourier transform and its applications.
Stanford Engineering Everywhere.
[27] Rao, K.R., Kim, D.N. and Hwang, J.J., (2011). Fast Fourier Transform-Algorithms and
Applications. Springer Science & Business Media.
International Journal of Computer Science and Security (IJCSS), Volume (10) : Issue (4) : 2016 139